diff --git a/roles/appsmith/defaults/main.yml b/roles/appsmith/defaults/main.yml index a169e7d..cbb0ac2 100644 --- a/roles/appsmith/defaults/main.yml +++ b/roles/appsmith/defaults/main.yml @@ -47,5 +47,7 @@ appsmith_public_url: http://{{ inventory_hostname }} # User signup can be disabled appsmith_user_signup: True +# If signup is enabled, you can restrict which domains are allowed to signup (an empty list means no restriction) +appsmith_signup_whitelist: [] # If signup is disabled, you can set a list of whitelisted email which will be allowed appsmith_admin_emails: [] diff --git a/roles/appsmith/templates/env.j2 b/roles/appsmith/templates/env.j2 index 2f777dc..62c416b 100644 --- a/roles/appsmith/templates/env.j2 +++ b/roles/appsmith/templates/env.j2 @@ -19,4 +19,7 @@ APPSMITH_DISABLE_TELEMETRY=true APPSMITH_ENCRYPTION_PASSWORD={{ appsmith_encryption_pass }} APPSMITH_ENCRYPTION_SALT={{ appsmith_encryption_salt }} APPSMITH_SIGNUP_DISABLED={{ appsmith_user_signup | ternary('false','true') }} +{% if appsmith_signup_whitelist | length > 0 and appsmith_user_signup %} +APPSMITH_SIGNUP_ALLOWED_DOMAINS={{ appsmith_signup_whitelist | join(',') }} +{% endif %} APPSMITH_ADMIN_EMAILS={{ appsmith_admin_emails | join(',') }} diff --git a/roles/bookstack/defaults/main.yml b/roles/bookstack/defaults/main.yml index f39d595..91bdc09 100644 --- a/roles/bookstack/defaults/main.yml +++ b/roles/bookstack/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version to deploy -bookstack_version: 21.05.3 +bookstack_version: 21.05.4 # URL of the arhive bookstack_archive_url: https://github.com/BookStackApp/BookStack/archive/v{{ bookstack_version }}.tar.gz # Expected sha1 of the archive -bookstack_archive_sha1: 56f67c8ad268d4bbbec9bd6590c293cf741e4370 +bookstack_archive_sha1: 644f24cd4bd5ec69b7ae19ea5453c6dcca9db67a # Should ansible handle bookstack upgrades or just the inintial install bookstack_manage_upgrade: True diff --git a/roles/paperless_ng/defaults/main.yml b/roles/paperless_ng/defaults/main.yml index c61ab1d..260a897 100644 --- a/roles/paperless_ng/defaults/main.yml +++ b/roles/paperless_ng/defaults/main.yml @@ -45,3 +45,7 @@ paperless_ocr_lang: fra # Password for the initial admin account. If not defined, a random one will be generated and stored in {{ papermerge_root_dir }}/meta/ansible_admin_pass # paperless_admin_pass: p@ssW0rd + +# If set, paperless will look for a username sent in the provided HTTP header +# If a user is found, it'll be automatically authenticated +# paperless_auth_header: HTTP_REMOTE_USER diff --git a/roles/paperless_ng/templates/paperless.conf.j2 b/roles/paperless_ng/templates/paperless.conf.j2 index 846673e..51433c6 100644 --- a/roles/paperless_ng/templates/paperless.conf.j2 +++ b/roles/paperless_ng/templates/paperless.conf.j2 @@ -24,3 +24,7 @@ PAPERLESS_CONSUMER_DELETE_DUPLICATES=True PAPERLESS_CONSUMER_RECURSIVE=True PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS=True PAPERLESS_CONVERT_TMPDIR={{ paperless_root_dir }}/tmp +{% if paperless_auth_header is defined %} +PAPERLESS_ENABLE_HTTP_REMOTE_USER=True +PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME={{ paperless_auth_header }} +{% endif %}